Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1766

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-1766
Last Modified 26 Jun 2014 12:48:33
Published 27 Apr 2014 06:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-1766

Summary

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability.

Vulnerable Systems

Operating System

  • Microsoft Windows 8.1 -


References

MISC - http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/

MISC - http://twitter.com/thezdi/statuses/444216845734666240

MS - MS14-035

BID - 67518

SECTRACK - 1030370


Last Updated: 27 May 2016 10:56:46